Confidentiality and Data Protection Policy

1. Introduction

Confidentiality is a key issue for any organisation that gives any form of legal advice. This includes organisations where advice is just a minor part of the services on offer or where clients are simply given information about a problem and are signposted to a local advice centre. It should be applied to all practice in the organisation and form an integral part of induction and training for new staff members, volunteers and Trustee Board Member (TB). In some cases confidentiality is seen as such a key issue that it is incorporated into contracts of employment.

2. Information Commissioners Office

As a not for profit organisation, The Debt Counsellors is not obliged to register with the ICO however the Trust will exercise its right do so voluntarily.

3. What is meant by confidentiality?

Confidentiality means establishing a relationship of trust between the organisation and the client so that all personal details are kept private and not passed on to a third party without the express consent of the client. Confidentiality ensures that the client’s privacy is protected especially when handling sensitive, often highly personal information. It involves having secure systems that limit access to client records to certain persons in the organisation.

4. Why is confidentiality important?

Confidentiality instils confidence of clients in the service being provided and allows the client to feel at ease in disclosing personal, sometimes distressing details in the confidence that such information will not be passed on without the client’s express consent. It makes sure that all clients receive fair treatment by the organisation and that their personal security (and that of the organisation) is protected. Confidentiality contributes to the provision of a professional and accessible service.

5. Confidentiality in the advice service

The client’s right to confidentiality applies to prevent details of their case being released outside the organisation. Within the organisation only members of staff involved in providing information, giving advice or supervisors:

      • should have access to clients’ records
      • should take part in discussions relating to the enquiry
      • All staff should receive training on the organisation’s confidentiality policy

However, the Trustee Board (TB) are not part of the staff team therefore, unless they are acting as supervisors, legitimate file reviewers or advisors they should:

      • not have access to clients’ records
      • not be aware of any individual who has come into the organisation

They should however

      • be aware of the policy – training for new members
      • have responsibility to deal with any potential breach of confidentiality
      • be responsible for ensuring that the confidentiality policy is implemented

If TB members are involved in supervision or direct advice-giving the organisation will ensure that the TB member is clear about their different roles. Issues about individual clients should not be discussed by the whole TB unless it is to deal with a complaint, breach of confidentiality issue or another issue which fits into the TB’s strategic role.

6. Confidentiality and other people

If a client asks someone to act on their behalf e.g. emailing documents or speaking on the telephone on the clients’ behalf, it is the adviser’s responsibility to ensure that permission has been given. It is best to get permission in writing. You should not disclose that the client has contacted your organisation unless the client has given consent to do so. This includes to a:

      • Partner
      • Members of the extended family
      • Children
      • Friends

The same applies if the police or social services ask about a client.

Judgement should be used in particular situations, for example if it is clear that a carer has spoken on behalf of the client to the organisation, by means of being passed by the client during a telephone call, it is safe to assume that they are there with the client’s consent and to ask for written permission to be given in that kind of situation would be unreasonable.

7. Client consent

In many situations where a client is simply being given general information about their problem, offered leaflets or is signposted to another organisation there is no need to obtain the client’s authorisation to act.

However, where advising the client may involve contacting a third party eg the Housing Benefits office at the local council, it is our duty to ensure that the client gives their express consent to the organisation to act on their behalf. The best way for this to work is to ask the client to sign a simple ‘authorisation to act’ form.

8. Contacting clients

      • We will ensure that we have permission to contact the client at home and check whom it is appropriate to speak to. Clearly, to speak to a partner in a relationship break up, or in a case of domestic violence for example would not be appropriate.
      • We will check where or when it is appropriate to phone the client.
      • We do not leave case specific or sensitive messages on answerphones, as the identity of the recipient cannot be guaranteed. We do not fax information to a user unless we have confirmed they are actually standing by the fax.
      • Similarly details regarding contact by email are checked.
      • All our calls are recorded for training and monitoring purposes.

9. Post

We always check with the client that there are no problems with sending letters to their home address. Our organisation should decide whether all mail will be opened, including that marked ‘confidential’ and must ensure that any information contained within is not disclosed to anyone else. Staff responsible for opening mail must be made aware of the issues around confidentiality.

10. Office Security and Storage of records

Client records and all paperwork relating to their case are scanned and stored on a secure web based system. Originals documents are returned to the client as soon as possible. Computer records are password protected. All computer files are retained for 6 years.

TDC have a clear desk policy for client documents. Any un-scanned documents are locked away at the end of the working day. TDC’s offices are locked at the end of the working day or when un- attended and are situated in a large serviced office block with security in attendance.

Staff records are retained in a locked filing cabinet only accessible by the CEO.

11. Monitoring

      • All statistics are presented to the TB and funders are in an anonymous form so that individuals cannot be identified.
      • Where we use case studies as part of an annual or other report we ensure that individuals cannot be identified unless they have expressly agreed.

12. Informal discussions off the premises

All staff are clearly informed that it is inappropriate to discuss cases informally, for example in a social setting after work, or in a public place as this could easily lead to an unintentional breach of confidentiality if the conversation is overheard.

13. Premises

As a telephone advice service our premises are not utilized for face to face advice.

14. Working area

Our offices are exclusively for the use of The Debt Counsellors Charitable Trust. Staff making telephone calls, discussing cases etc. cannot be overheard.

15. Home working

Staff undertaking advice work from their homes are reminded of their duty to ensure all case information held on computer is not visible or accessible to family members or children, and that calls cannot be overheard in the home.

16. Legal issues around confidentiality

There are a number of key pieces of legislation that directly or indirectly relate to how we implement confidentiality within our organisation. Legislation changes rapidly; it is our organisation’s responsibility to keep up to date with relevant legislation.

17. Disclosure of crime

There is no duty in English Law for us to disclose a crime to the police. So if a client admits to having committed a crime or that they are about to do so we are not assisting the crime if we fail to disclose it.

17.1 However there are two exceptions:

      • Terrorism
        The legislation regarding terrorist activities is constantly changing and being updated by Government. The Terrorism Act 2000, The Anti-Terrorism Crime and Security Act 2001(ATCSA), Terrorism Act 2006 and Counter Terrorism Act 2008and other more recent legislation have made it a criminal offence not to inform on others where you suspect them of being involved in an act of terrorism.
      • Drug Trafficking: The Drug Trafficking Act 1994 makes it a criminal offence not to report to the police suspicion or knowledge of drug money laundering gained during the course of contact with a client.

18. The Social Security Administration (Fraud) Act 1997

You must not knowingly assist with a fraudulent claim for benefits in any way, for example helping somebody claim for Job Seekers Allowance when they are in paid employment. However, as above, there is no duty to disclose this to the Benefits Office – this would be a breach of confidentiality.

19. Child protection legislation

The Children’s Act 1989 and the Protection of Children Act 1999 are just two of the relevant pieces of legislation regarding the protection of children.
You may come across these issues in a number of ways:

      • We may come across these issues in a number of ways:
      • We may suspect that a child is in need or being abused
      • A child may reveal to us that they have been abused by somebody
      • An accusation of abuse may be made about a member of our staff or a volunteer
      • An adult client may reveal an incident of abuse about a child

The police and schools have a statutory duty to report suspicions or evidence of child abuse to Social Services. This duty does not necessarily apply to voluntary sector organisations offering confidential services. Our organisation has decided that protection of the child is paramount and that it will always pass on details to the relevant authorities. Staff should discuss any information about child abuse with the CEO before informing social services or other outside body.

20. Data Protection Act 1998

The Data Protection Act 1998 covers information that is held in both paper based and computer systems. The Act covers information we keep which can be easily accessed. This includes information about our staff, our volunteers including The Trustee Board members and our clients.
The Act applies for example to any client records we are obliged on request from a client or other individual to provide them with the personal data that we hold about them. It is important therefore that unbiased and factual language is used in any records about clients or any other individual.

21. Police & Criminal Evidence Act 1984 (PACE)

This act gives the police powers, lawfully in any premises to seize anything they reasonably believe is evidence in relation to an offence under investigation which otherwise might be concealed, lost, altered or destroyed.

The police can summons a member of staff as a witness. Our organisation will inform the client that the summons has been received but we will not discuss the evidence to be given with the user.

22. Police attending the organisation

If the police approach the organisation to obtain information about a client the following procedure will be adopted:

      • Inform the police that the organisation operates a confidentiality policy and offer to go through its contents.
      • Ensure all workers are aware the police will be attending.
      • The police should not be allowed to enter any room where records are kept.

23. Crimes committed in the organisation

If the police are called following a burglary we ensure that advisers are logged out of the case management system and the service is suspended until they have left the premises.

24. Risk of harm

If there is a possibility that a client may harm themselves or others we will discuss this with colleagues and consider the appropriate action.

      • If there is an imminent risk of harm to somebody we should call the police. We will inform the client that we are doing this if appropriate or if we feel that this would be unsafe we can decide not to inform the client.
      • It is important that we maintain the relationship of trust that we have with our clients.

25. Breaches of confidentiality

There are instances in which it is necessary to breach confidentiality of client information. In some cases this is compulsory, e.g. when required by law and in other cases a breach of confidentiality can be at the discretion of the organisation.

26. When can confidentiality be breached?

Conflict of interest’– e.g. informing a client that we cannot help them because the other side to a dispute has also been to see you and to ask for advice. This is automatically a breach of confidentiality and no further details should be given in this scenario.
Legal duties – this may arise as a result of the information that is being disclosed eg. child protection, terrorism, safety of a person.

27. What should happen if a client cannot be contacted?

It is quite common for an organisation to find that it is unable to contact a client. An obvious way round this is to breach confidentiality and ask a third party (e.g. a relative) to tell the client to contact the charity. This should not be the generally adopted approach, but if there is extreme urgency and all other reasonable steps have been taken, it might be acceptable.

Confidentiality is such a fundamental aspect of advice that and decision to breach confidentiality must not be taken lightly or without following a formal procedure:

      1. Advisers will raise the matter with their supervisor or manager
      2. Discuss the reasons why confidentiality should be breached and what this action will achieve
      3. If it is agreed; ensure a full written report is prepared on the case and ensure any action agreed is undertaken

More About The Debt Counsellors

The Debt Counsellors logo Please read these important pages about The Debt Counsellors charitable trust.
Shareable URL: